authorChristian Grothoff <grothoff@gnunet.org>2023-09-06 22:58:57 +0200
committerChristian Grothoff <grothoff@gnunet.org>2023-09-06 22:58:57 +0200
commitc68a0b309f570454423efb9eb6404208e0cae3d9 (patch)
tree52388e31f5aefd43b7c7360524d9ee874f6d8cf9 /src/backend
parent78a0c837355f97df7331212e4faf71eed81c05ca (diff)
keep using Bearer prefix
Diffstat (limited to 'src/backend')
-rw-r--r--src/backend/taler-merchant-httpd.c44
-rw-r--r--src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c26
-rw-r--r--src/backend/taler-merchant-httpd_private-post-instances-ID-token.c37
3 files changed, 73 insertions, 34 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index b714ac8c..dfffa36d 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -199,17 +199,23 @@ TMH_check_token (const char *token,
enum GNUNET_DB_QueryStatus qs;
struct TALER_MERCHANTDB_LoginTokenP btoken;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "checking token %s\n",
- token);
if (NULL == token)
return TMH_AS_NONE;
+ /* This was presumably checked before... */
+ GNUNET_assert (0 == strncasecmp (token,
+ RFC_8959_PREFIX,
+ strlen (RFC_8959_PREFIX)));
+ token += strlen (RFC_8959_PREFIX);
+
if (GNUNET_OK !=
GNUNET_STRINGS_string_to_data (token,
strlen (token),
&btoken,
sizeof (btoken)))
{
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to convert %s\n",
+ token);
GNUNET_break_op (0);
return TMH_AS_NONE;
}
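Review bot: The `GNUNET_assert` on the prefix aborts the whole process if it ever fails, and the string it tests is derived from the request's Authorization header; the "presumably checked before" comment is the only thing standing between a missed caller-side check and a daemon crash. A soft failure is safer here: `if (0 != strncasecmp (token, RFC_8959_PREFIX, strlen (RFC_8959_PREFIX))) { GNUNET_break_op (0); return TMH_AS_NONE; }`. Separately, the new "Failed to convert %s" message still writes the client-supplied token text to the log at ERROR level, which the next hunk of this function stops doing for the other messages; dropping the `%s` keeps near-valid secrets and client-chosen bytes out of the log. TMH_check_token's body continues outside the hunk.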
@@ -227,24 +233,18 @@ TMH_check_token (const char *token,
}
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Token %s unknown\n",
- token);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Token unknown\n");
return TMH_AS_NONE;
}
if (GNUNET_TIME_absolute_is_past (expiration.abs_time))
{
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Token %s expired\n",
- token);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Token expired\n");
/* FIXME: may want to return special EC to indicate
(recently) expired token in the future */
return TMH_AS_NONE;
}
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Token %s has scope %d\n",
- token,
- scope);
return scope;
}
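Review bot: The "Token unknown" and "Token expired" messages now carry nothing that ties them to a request, so repeated failures against one instance cannot be told apart in the log. Logging the instance id that TMH_check_token receives as its second argument (never the token itself) keeps these events usable for spotting token guessing, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Token unknown for instance %s\n", <instance-id parameter>);`, where the parameter's name is outside the hunk. It is also worth confirming that INFO messages are emitted under the log level used in deployment.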
@@ -622,12 +622,14 @@ extract_token (const char **auth)
const char *bearer = "Bearer ";
const char *tok = *auth;
- if (0 != strncmp (tok, bearer, strlen (bearer)))
+ if (0 != strncmp (tok,
+ bearer,
+ strlen (bearer)))
{
*auth = NULL;
return;
}
- tok = tok + strlen (bearer);
+ tok += strlen (bearer);
while (' ' == *tok)
tok++;
if (0 != strncasecmp (tok,
@@ -1771,16 +1773,14 @@ url_handler (void *cls,
if (public_handlers != handlers)
{
const char *auth;
- const char *tok;
bool auth_ok;
bool auth_malformed = false;
/* PATCHing an instance can alternatively be checked against
the default instance */
- tok = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- MHD_HTTP_HEADER_AUTHORIZATION);
- auth = tok;
+ auth = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_AUTHORIZATION);
if (NULL != auth)
{
/* We _only_ complain about malformed auth headers if
@@ -1816,10 +1816,8 @@ url_handler (void *cls,
TMH_default_auth)) );
hc->auth_scope = auth_ok
? TMH_AS_ALL
- : TMH_check_token (tok,
+ : TMH_check_token (auth,
hc->instance->settings.id);
- if (TMH_AS_NONE != hc->auth_scope)
- auth_malformed = false;
/* We grant access if:
- scope is 'all'
- rh has an explicit non-NONE scope that matches
diff --git a/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
index 242b583a..28690433 100644
--- a/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
+++ b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
@@ -33,6 +33,7 @@ TMH_private_delete_instances_ID_token (const struct TMH_RequestHandler *rh,
struct MHD_Connection *connection,
struct TMH_HandlerContext *hc)
{
+ const char *bearer = "Bearer ";
struct TMH_MerchantInstance *mi = hc->instance;
const char *tok;
struct TALER_MERCHANTDB_LoginTokenP btoken;
@@ -41,6 +42,31 @@ TMH_private_delete_instances_ID_token (const struct TMH_RequestHandler *rh,
tok = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_AUTHORIZATION);
+ /* This was presumably checked before... */
+ if (0 !=
+ strncmp (tok,
+ bearer,
+ strlen (bearer)))
+ {
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_ec (connection,
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "login token (in 'Authorization' header)");
+ }
+ tok += strlen (bearer);
+ while (' ' == *tok)
+ tok++;
+ if (0 != strncasecmp (tok,
+ RFC_8959_PREFIX,
+ strlen (RFC_8959_PREFIX)))
+ {
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_ec (connection,
+ TALER_EC_GENERIC_PARAMETER_MALFORMED,
+ "login token (in 'Authorization' header)");
+ }
+ tok += strlen (RFC_8959_PREFIX);
+
if (GNUNET_OK !=
GNUNET_STRINGS_string_to_data (tok,
strlen (tok),
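Review bot: `tok` is handed to `strncmp` without a NULL test, and `MHD_lookup_connection_value` returns NULL when the request carries no Authorization header. The "presumably checked before" comment does not cover a request that was authorised without a header, which may be possible if url_handler admits requests to an instance that has no authentication configured. Fold the guard into the same condition so the existing malformed-parameter reply is used: `if ( (NULL == tok) || (0 != strncmp (tok, bearer, strlen (bearer))) )`. The Bearer and RFC 8959 prefix parsing here repeats what extract_token does in taler-merchant-httpd.c, so a shared helper would keep the two from drifting apart. The handler's body starts before and continues after this hunk.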
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
index 839c68d1..a223a882 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
@@ -117,17 +117,32 @@ TMH_private_post_instances_ID_token (const struct TMH_RequestHandler *rh,
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
- return TALER_MHD_REPLY_JSON_PACK (
- connection,
- MHD_HTTP_OK,
- GNUNET_JSON_pack_data_auto ("token",
- &btoken),
- GNUNET_JSON_pack_string ("scope",
- scope),
- GNUNET_JSON_pack_bool ("refreshable",
- refreshable),
- GNUNET_JSON_pack_timestamp ("expiration",
- expiration_time));
+
+ {
+ char *tok;
+ MHD_RESULT ret;
+ char *val;
+
+ val = GNUNET_STRINGS_data_to_string_alloc (&btoken,
+ sizeof (btoken));
+ GNUNET_asprintf (&tok,
+ RFC_8959_PREFIX "%s",
+ val);
+ GNUNET_free (val);
+ ret = TALER_MHD_REPLY_JSON_PACK (
+ connection,
+ MHD_HTTP_OK,
+ GNUNET_JSON_pack_string ("token",
+ tok),
+ GNUNET_JSON_pack_string ("scope",
+ scope),
+ GNUNET_JSON_pack_bool ("refreshable",
+ refreshable),
+ GNUNET_JSON_pack_timestamp ("expiration",
+ expiration_time));
+ GNUNET_free (tok);
+ return ret;
+ }
}
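Review bot: The new block changes the wire format of the "token" field from packed binary data to a prefixed string, but nothing in the code says why or what consumes it. A comment at the top of the block would record the contract, for example `/* Return the token with RFC_8959_PREFIX prepended: clients send this string verbatim after "Bearer ", and TMH_check_token() expects the prefix. */`. It would also help to note next to `GNUNET_free (tok)` that `tok` holds the login secret in cleartext, so that anyone later adding logging or an early return in this block treats it accordingly. The function's body starts outside the hunk.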